Insanity is colloquially defined as doing the same thing over and over again, expecting a different result. For too long, corporations have dealt with regulatory requirements in a rather insane manner.
It goes something like this:
Regulation/standard released
Struggle to comprehend and digest
Delay implementation
Call in consultants to fix
Answer all the checklists
Spend more money
Barely achieve the low-bar of compliance
One would think that after the colossal spending from Sarbanes-Oxley, companies would take a more formal approach to compliance. But two years of experience with PCI DSS (Payment Card Industry Data Security Standard) shows that companies are still using the same compliance strategy over and over again, and in some cases, still lying to their auditors and management.
This compliance insanity has to stop. Far too much money is spent, far too little ROI, and even less effective security is gained via this broken process. Companies are missing the point when they deal with each regulation as a single discrete effort that needs to be complied with. This myopic view of regulatory compliance creates the situation where organizations are constantly reinventing the wheel, wasting time and effort, and ultimately blowing security budgets.
The following white paper will detail a strategy that enables companies to painlessly gain PCI compliance and ensure effective security. By mapping technical controls to PCI standards and by continuously monitoring, assessing and reporting the status of your environment, Lumension's security management solution will make your PCI audit the most efficient and actionable of your life.
Information Security Research Library
